I don't care so much about this security issue because assuming that 
you are using a function in a scope shared by the rc scripts and 
haven't hard coded the way to read such arguments in every rc-script, 
it would be trivial to add  some security measures later on.

However from a alternative platform/architecture point of view I have 
to note that at least a kernel dependent strategy might be needed here. 
I wonder whether kernels such as for instance the hurd pass arguments 
the same way as a linux kernel and whether newer linux kernel releases 
might not change this process, thus requiring different rc scripts for 
each kernel while only a different runtime strategy is needed. 
Currently not an urgent issue, but we'll have to take this into 
account.

Pieter

On 17 Jan 2004, at 18:06, Brad House wrote:

> no, the rcscripts must now parse the kernel commandline opts
> to get a few options. There's really not many other ways to
> do it.  Besides you just proved by your statement that someone
> could instead pass   init=/bin/sh  and override any sort of
> init process, so trying to make the 'cdroot' option secure
> is obsurd, as there's 10 million other ways to get in if you
> have direct access to the computer.
>
> -Brad


--
gentoo-releng@g.o mailing list